Linux – Nmap won’t run any scripts

linuxnetworkingnmap

When I try to run a Nmap script on Kali Linux I get the following:

root@known:~# nmap --script smb-check-vulns.nse 192.168.1.111

Starting Nmap 7.00 ( https://nmap.org ) at 2015-12-04 03:45 EST
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:801: 'smb-check-vulns.nse' did not match a category, filename, or directory
stack traceback:
    [C]: in function 'error'
    /usr/bin/../share/nmap/nse_main.lua:801: in function 'get_chosen_scripts'
    /usr/bin/../share/nmap/nse_main.lua:1249: in main chunk
    [C]: in ?
QUITTING!

As far as I can tell this seems like a new error.
I am running the latest version of Kali Linux as of December 4, 2015.
I've tried a few variations of introducing the script such as:

root@known:~# nmap --script=smb-check-vulns.nse <ip>

Thanks for the help.

Best Answer

In Nmap 6.46BETA6, the smb-check-vulns script was split into 6 different scripts:

You can run any specific checks you like, or all of them with --script smb-vuln-*, but be aware that many of these can cause a blue screen or other crash on the scanned system. Previously, these required you to add --script-args unsafe=1, so we added these scripts to the "dos" category so you can rule them out with --script "smb-vulns-* and not dos"

Related Solutions

Linux – Practical Nmap examples

enter image description here

Secrets of Network Cartography:
A Comprehensive Guide to nmap
Written by James Messer

Is quite a good reference in itself.
It is available as PDF and on-line reference.

There are a few cheetsheets too,
SBDTools has Nmap5 Cheetsheet v1 (pdf), among other things.

And, don't forget the 'nmap' tag right here and across SE sites.

Macos – different behavior: “sudo nmap” vs just “nmap”

By default an unprivileged scan uses -sT (TCP Connect) while privileged (root) uses -sS (TCP SYN Stealth).

TCP Connect (-sT) Connect scan uses the system call of the same name to scan machines, rather than relying on raw packets as most of the other methods do. It is usually used by unprivileged Unix users and against 1Pv6 targets because SYN scan doesn't work in those cases.

TCP SYN Stealth (-sS) This is far and away the most popular scan type because it the fastest way to scan ports of the most popular protocol (TCP). It is stealthier than connect scan, and it works against all functional TCP stacks (unlike some special-purpose scans such as FIN scan).

1) To figure what is happening with your machine I would suggest using the extra verbose mode (-vv) or --packet-trace to see what happens.

$ sudo nmap --packet-trace -vv 192.168.56.101

2) Another approach would be to force an unprivileged scan as privileged user using the following commands and see the result.

$ sudo nmap -sT -vv 192.168.56.101
$ sudo nmap --unprivileged -vv 192.168.56.101

3) Finally the reason why nmap stops the scan is because IMCP Type 8 (echo a.k.a ping) doesn't return an ICMP Type 0 (echo reply). This command ignores ping and keep scanning:

$ sudo nmap -PN 192.168.56.101

Can you please try those commands and post the output ?

Best Answer

Related Solutions

Linux – Practical Nmap examples

Macos – different behavior: “sudo nmap” vs just “nmap”

Related Question